Cisco 5506-X / 5512-X SFR Unsupported
Feb26

Cisco 5506-X / 5512-X SFR Unsupported

Posted By on Feb 26, 2019

KB ID 0001522 Problem After upgrading an ASA 5506-X to Version 9.10, I was about to re-image the FirePOWER SFR module. I went to load the boot image and this happened; sw-module module sfr recover configure image disk0:/asasfr-5500x-boot-6.3.0-3.img ^ ERROR: % Invalid input detected at ‘^’ marker. At first I thought “Oh great, the syntax has changed, there’s another post to update”. But no, the command is...

Read More
Microsoft Azure ‘Route Based’ VPN to Cisco ASA
Feb13

Microsoft Azure ‘Route Based’ VPN to Cisco ASA

Posted By on Feb 13, 2019

KB ID 0001515 Problem This covers the, (more modern) Route based VPN to a Cisco ASA that’s using a VTI (Virtual Tunnel Interface).   Virtual Network Gateway Options With VPN’s into Azure you connect to a Virtual Network Gateway, of which there are TWO types Policy Based, and Route Based. This article will deal with Route Based, for the older Policy Based option, see the following link; Microsoft Azure To Cisco ASA Site to...

Read More
AnyConnect: Stop Prompting for Certificates
Jan18

AnyConnect: Stop Prompting for Certificates

Posted By on Jan 18, 2019

KB ID 0001505 Problem If you secure your AnyConnect with certificates, you may see something like this; When you simply want it to connect without prompting. Solution This tripped me up last week, luckily I’d seen it before, and knew how to fix it. You need to edit the profile for your AnyConnect so that, you ‘UNTICK’ Disable Automatic Certificate Selection. I know that sounds like the opposite of what you want to...

Read More
AnyConnect ‘Management VPN Tunnel’ Configuration
Jan13

AnyConnect ‘Management VPN Tunnel’ Configuration

Posted By on Jan 13, 2019

KB ID 0001503 Problem With the newest version of AnyConnect (4.7) there’s an added feature called ‘Management VPN’. It’s there, so that if you have remote users who don’t VPN in very often, then you may struggle to mange them, e.g. put software updates, AV updates, SCCM packages etc. down to them.  Before version 4.7  you could configure ‘Automatically Connect’, or ‘Start before...

Read More
Cisco ASA: DHCP Relay Over VPN
Jan09

Cisco ASA: DHCP Relay Over VPN

Posted By on Jan 9, 2019

KB ID 0001501 Problem A few weeks ago this was asked on one of the forums I post in. For a long time the ASA didn’t support DHCP relay then finally in version 9 it was added. The question was, can I provide DHCP relay but have the DHCP server on another site (connected via VPN).  Well I wasn’t sure, so I put it on the mental back burner, until I got my EVE-NG server rebuilt. Below I knocked up a simple two site setup, then...

Read More
Microsoft Azure To Cisco ASA Site to Site VPN
Jan01

Microsoft Azure To Cisco ASA Site to Site VPN

Posted By on Jan 1, 2019

KB ID 000116 Problem The one reason I prefer Cisco over Microsoft is they rarely change things, you learn how to do something and it’s learned. This is the second time have had to write this article purely because the Azure UI has changed!   Virtual Network Gateway Options With VPN’s into Azure you connect to a Virtual Network Gateway, of which there are TWO types Policy Based, and Route Based. This article will deal with...

Read More